10/29/13

Cara Block SSH FTP Telnet Brute Force Pada Mikrotik 2013

Sudah lama saya tidak memosting pada blog tercinta ini. Kali ini saya akan bagikan bagaimana Cara Block SSH FTP & Telnet Brute Force Pada Mikrotik 2013. Apa itu SSH FTP & Telnet Brute Force? Brute Force adalah sebuah tehnik seseorang yang mencoba masuk ke router kita via FTP / Telnet / SSH menggunakan port 21, 22, 23 dengan acak atau menebak username dan password router kita yang mereka tebak. Jadi disini kita bisa menangkal jika mereka login sembarangan atau menggunakan tehnik Brute Force, maka IP yang mereka gunakan akan tercatat di Address List kita. Selanjutnya akan di Banned sesuai yang kita inginkan.




Untuk caranya kita bisa langsung menggunakan terminal, dan copy script dibawah ini :


FTP Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
disabled=no



SSH Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
disabled=no



Telnet Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
disabled=no


Dari script yang di atas, bisa kita pelajari dari ip yang mencoba masuk akan tercatat dan ditambahkan ke address list seperti gambar dibawah ini :



Bagaimana? Mudah bukan? kita hanya tinggal copy paste ke terminal dan hasilnya lumayan buat menangkan Ip yang masuk menggunakan FTP/Telnet . Apakah anda akan mencoba?

Share on Facebook
Share on Twitter
Share on Google+
Tags :

Related : Cara Block SSH FTP Telnet Brute Force Pada Mikrotik 2013

7 comments:

  1. terimaksih ini sangat membantu

    ReplyDelete
  2. Terimakasih...tutornya top binggiiiitt dan saya sudah berhasil.

    ReplyDelete
  3. Terimakasih Blognya Gan,ini sangat membantu saya

    ReplyDelete
  4. oke,, sama-sama gan,, semoga bermanfaat.

    ReplyDelete
  5. thx gan blognya. sangat bermanfaat.

    ReplyDelete
  6. kenapa dibuat stage1-3 baru ada blacklist gan? mohon bimbingannya

    ReplyDelete
    Replies
    1. perbedaan waktu untuk bisa login kembali / menghapus ip dari address-list yang telah melakukan Brute Force...

      Delete